SS TechoBlog

Technology Simplified!

.com to .org

New domain, new location, new address

thought of letting you know! )

Please bookmark my new address on your sharp mind

http://techlog.samsden.org

(Site: http://www.samsden.org)

June 22, 2008 Posted by | Uncategorized | , | Leave a comment

Still Stuck up wid Autorun Problem? – .MS32DLL

Well Guys…n gals…

I have been really happy since my last post that finally I got rid of the virus from my friends computer (Yeh…. Luckily my PC is not yet infected! 🙂 ). But then last week, one of my friend, Sachin, told me that hs is facing same problem again… but this time the drive is exploring instead of asking ‘Open with…’ Option… So I said… lets see whats there….

Hm…. new virus?…well has to be… I had tried to remove previous one even when knowing that its not there!.. so I started looking for some unusual stuff… n here is what I got…

Each drive had following two hidden files in their root directory..

  1. autorun.inf (the usual one)
  2. .MS32DLL.DLL.vbs (or u may say .MS32DLL.DLL if extensions are hidden)

beside there are few unwanted entries in the startup list :

  1. MS32DLL
  2. Winboot

And following process running (shown in the task manager)

  1. wscript.exe

So again we start with manual Method.. Well this time its purely mine!

  1. As usual, Turn off the ‘System Restore’ Option
  2. Boot your system in Safe Mode
  3. open task manager (Ctrl+Alt+Del)
  4. Find the process called ‘wscript.exe‘ from ‘Processes‘ tab
  5. Right Click on it and select ‘End Process Tree‘ from the popup menu.
  6. Now search following hidden files and delete them with ‘Shift+Del‘.
    • [drive]:\.MS32DLL.DLL or .MS32DLL.DLL.vbs
    • [drive]:\autorun.inf
  7. Where[drive] is the drive letter..e.g. C, D, etc..

  8. Well there is two more file remaining… ‘%windir%\boot.ini‘ and %windir%\.MS32DLL.DLL.vbs‘ where %windir% is the Windows folder, generally its ‘C:\windows\boot.ini
  9. We need to delete this file also!
  10. Whats next?…. open run box and type ‘regedit‘ and click ok… a window titled ‘Registry Editor‘ will open…
  11. Go to Edit> Find… and type in .MS32DLL.DLL
  12. delete all the entries containing this name
  13. Goto HKEY_LOCAL_MACHINE>SOFTWARE>Mircrosoft>Windows>CurrentVersion>Run and delete Entry saying ‘winboot
  14. All Done!

Now Just restart the computer and Check if its really workin!

There is a major problem in this method. I dont know exact reason but I think due to this virus, the ‘View All’ Option in Folder Options Stop Working!

So we start wid The Simpler one : The One Click Option!

Just Download following file and double click it!

http://www.4shared.com/file/18259895/f924b303/Remove_MS32DLL.html

nJoY! KeeP SMiLiNG!!!

June 20, 2007 Posted by | TechnoSam | Leave a comment

Are you Recycled? ;-)

With Flash (USB) drives being so cheap (thanx to the leaks in some of the defense departments 😀 ) almost everyone in my class has those little memory devices with them.

But from past few months the devices are acting strangely! When you double click on the flash drive icon in my computer, you either get a message saying the device is inaccessble or could not be recognised or a dialogs box will appear with ‘Open with..’ title.

And the flash drive contains following hidden files n folders.

  1. autorun.inf
  2. Recycled (folder)
  3. Recycled\driveinfo.dll
  4. Recycled\voinfo.dll
  5. Recycler (folder)

So what to do?
The best and easiest way is to update your antivirus system with new virus definitions. What if you cant? There is one more way!
Do it Manually! Be a virus hunter!But how?

Follow the steps.

1. first we need to boot the PC to a safe mode of Windows.
2. Open the registry (click START, then click RUN, type regedit and click OK.
3. On the Registry Editor, look for the entry which contains “inetsrv” (press ctl-f, type inetsrv and click OK)
4. Delete all entries that contains inetsrv.exe.
5. Repeat step 3 and 4 until it will prompt you that the files are not found, which means that the entries that contain “inetsrv” are all deleted.
6. Change the View option of the Windows explorer to “View All”, for us to view hidden files.
7. Search for the files created by this worm as mentioned above and delete them all.
8. After these, restart the PC and boot it to normal.

(The steps are given by Symantec.

Well there is one more way to remove the virus and you DON’T HAVE TO RESTART THE COMPUTER!.

1. Download the following files.

remove_usb.bat

remove_vir.bat

2. Place remove_vir.bat in the C: (or system) drive and reomve_usb.bat in the flash drive.

3. Whats next? Run them by double-clicking!! 🙂

(If this doesn’t work, try to Disable the System restore

1. Goto Run & type ‘msconfig’ and press Enter.

2. click on ‘Launch System Restore’ button

3. View System Restore Settings’ and Disable the System Monitoring!

4. Enable it after you run those .bat files

Although it won’t harm computer, but its not recommended !)

Finally, a word of caution: I have been using these file to remove the virus for quite a long time, but I do not take 100% guarantee that it will work on your PC!

May 5, 2007 Posted by | TechnoSam | 3 Comments

Folder Option : Why can’t I unhide my hidden documents

This problem is faced by a lot of ppl.

The “Folder Option” in the “Tools” menu is missing, even if you are logged in as a Administrator.

Follow the steps to get the menu back.

  1. Log in as a Computer Administrator ( or any account with admin rights).
  2. Go to Start>Run
  3. Type in ‘gpedit.msc’. The window like shown below will open:
  4. Go to ‘User Configuration > Administrative Settings > Windows Components > Windows Explorer’
  5. Now double-click on “Remove thee folder options menu…….” from the right pan.
  6. Disable it…. and save the settings.

And Now you will have your ‘Folder Options’ Menu back in Place…

nJoy!!

February 17, 2007 Posted by | TechnoSam | Leave a comment

Adobe Acrobat : Lacks Reverse Engg

All those surf have come across a pdf file somewhere on the net. We as an engg students always come across the engg material provided in a pdf file due to its structure – a pdf file does not require additional fonts, its formating does not change from PC to PC.
But did you come across some files when you cannot copy contents from the files? (I’m not talking about the secured/locked files.)

So how does it works? Why doesn’t it require those fonts used in it to be installed?
Well, the Acrobat Writer adds the fonts to the file- so the pdf file carries the fonts used in it!

But, here is a problem again…..This makes the file bulky…So what to do?
The Writer thus uses a technique called ‘Subsetting the fonts’! What it actually does is – it includes only those characters which are used e.g. if I have used “Space Age” font to only write “Hello” then only H,e,l and o are included in the file…..This reduces the file size…..

The biggest problem arrives here! if you try to copy the contents of such file in another file, you will notice that the copied contents doesn’t make any sense – its all garbage!

And on top of that – After searching for at least 3-4 months on net – I came to know that – YOU CAN NOT DO ANYTHING TO GET THE CONTENTS!!!!!

Thats ridicules!!! You can not reverse the process!!!!!!!

(BTW, there is a way to get contents of such files – Use OCR “FineReader” – its not a efficient way but at least you get what you want!!)

December 26, 2006 Posted by | TechnoSam | Leave a comment